package cn.myjerry.test.JDBC;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

/**
 * 测试数据库建立连接
 * 测试执行sql语句，以及SQL注入问题
 * @author Jerry
 *
 */
public class Demo01 {
	// JDBC 驱动名及数据库 URL
    static final String JDBC_DRIVER = "com.mysql.jdbc.Driver";  
    static final String DB_URL = "jdbc:mysql://localhost:3306/testjdbc?useSSL=true";
    
    // 数据库的用户名与密码，需要根据自己的设置
    static final String USER = "root";
    static final String PASS = "Jerry1912317";
	
	public static void main(String[] args) throws Exception {
		// 加载驱动类
		Class.forName(JDBC_DRIVER);
		// 建立连接
		Connection conn = DriverManager.getConnection(DB_URL, USER, PASS);
		Statement stmt = conn.createStatement();
		
//		String Name = "王五";
//		String sql = "INSERT INTO User (Name,PassWord,RegTime) VALUES ('" + Name + "',\"001\",now())";
//		stmt.execute(sql);
		
		// 测试SQL注入
		String id = "5 OR 1=1";
		String sql = "DELETE FROM User WHERE Id=" + id;
		stmt.execute(sql);
		
	}
}
